Nathan Biggs (@nathanbiggs), Senior Vice President
The announcement of the acquisition of House of Brick by OpsCompass is one that I could barely wait to share. This is an incredibly exciting opportunity for House of Brick’s employees, clients, and partners. The combination of leadership by OpsCompass in the Cloud Security Posture Management (CSPM) space, and the thought leadership of House of Brick regarding virtualization and cloud computing for enterprise applications will be unparalleled in the industry.
Anyone who has followed the House of Brick blogs, webinars, and conference presentations, in addition to the thousands of organizations we have spoken with directly, will know how focused we are on managing risk for enterprise applications. Managing this risk comes in the form of vendor license compliance (like Oracle, VMware, and Microsoft), organizational education and preparation for audit activity, and designing and implementing the best private and public cloud infrastructures possible for performance, scalability, and operations.
Our new relationship with OpsCompass allows House of Brick to integrate our risk management intellectual property into a leading innovative CSPM platform. OpsCompass will now provide the industry with the tools and services that remove roadblocks to leveraging the cloud for enterprise applications.
Let me set the table for the challenge that organizations, both large and small, face when developing cloud strategies for their business-critical applications.
Enterprise software applications are the critical engine that power organizations of all sizes throughout the world. These applications are sometimes referred to as “business-critical” or “mission-critical” because if they fail to work, the organization itself is at risk of failing. Wikipedia defines enterprise software as follows:
“Enterprise software, also known as enterprise application software (EAS), is computer software used to satisfy the needs of an organization rather than individual users. Such organizations include businesses, schools, interest-based user groups, clubs, charities, and governments. Enterprise software is an integral part of a (computer-based) information system; a collection of such software is called an enterprise system.”
The distinction that enterprise applications serve the needs of the organization, rather than the needs of individual users, is an important one. While the OpsCompass product family is certainly useful for individual contributors, the real value of private and public cloud management comes when OpsCompass is used throughout the organization to fully monitor and manage the security posture, governance, and compliance of the organization and its critical applications.
Assessing the Cloud Market for Enterprise Applications
Enterprise, business-critical applications receive the most attention, budget, planning, and strategic focus of any information system in organizations worldwide. These systems are so critical to an organization’s success and stability that they rarely push the boundaries of new innovation, but rather wait for the stability, risk control, manageability, and visibility that they demand.
It is vital to note that cloud computing, especially extending the on-premises private cloud into public cloud offerings, is a popular innovation that is receiving much attention, but has yet to capture the momentum of the business-critical space.
In his 2019 re:Invent keynote presentation, AWS CEO Andy Jassy affirmed this position when he declared that for Tier-1 enterprise-class workloads, it is still the early days of the cloud. “We’re still at what I think of is the early stages of the meat of enterprise and public sector adoption in the U.S.,” Jassy said to CRN. “Outside of the U.S., they’re about 12 to 36 months behind, depending on the industry or the country. We’re still at the beginning of this titanic shift to the cloud.”
Jassy’s evaluation of the enterprise cloud market fits precisely with the proven adoption framework outlined by Geoffrey Moore in Crossing the Chasm. Moore’s adjusted technology adoption lifecycle curve, with the chasm between the first two segments, illustrates the relative success that a tech startup can expect to achieve. With early, easy success in selling to innovators and early adopters, many ventures fall into the chasm and fail before ever reaching the lucrative early and late majority phases of customer adoption.
Moore states that while the early adopter is looking for some kind of change agent, “…the early majority want to buy a productivity improvement for existing operations. They are looking to minimize the discontinuity with the old ways. They want evolution, not revolution. They want technology to enhance, not overthrow, the established ways of doing business.”
In the case of cloud computing, the various cloud offerings represent the disruptive technology that Andy Jassy has indicated is only in its “early days.” Most enterprises have some sort of mandate for cloud adoption, so it is definitely here to stay. As a result, there is a considerable need to provide a safe path enabling enterprise application customers to migrate to the cloud. The products and professional services offered by OpsCompass + House of Brick are unmatched in the industry, positioning us to be the enabler that enterprise organizations are searching for.
OpsCompass + House of Brick Will Enable Enterprise Applications in the Cloud
So, what will it take to move enterprise and public sector to the cloud? Based on our experience talking to thousands of organizations about their private and public cloud strategies, it is clear that the following elements are critical to enabling cloud adoption for enterprise applications:
- Cloud Security Posture Management
- Vendor License Compliance
- Visibility & Accountability
- Multi & Hybrid Cloud
- Professional Services
Cloud Security Posture Management is a Vital Category of Management Tooling
Securing enterprise cloud applications in on-premises or public cloud environments goes beyond traditional security controls. According to Gartner’s Richard Bartley, Monitoring and controlling cloud resources according to regulatory and business-specific compliance and cloud governance best-practice principles are key elements of Cloud Security Posture Management. Without these monitors and controls, the risk profile and deployment costs for organizations moving enterprise applications to the cloud will rise far beyond acceptable tolerance levels.
According to Gartner analyst Neil MacDonald, “Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes. Security and risk management leaders should invest in cloud security posture management processes and tools to proactively and reactively identify and remediate these risks.”
As a leading CSPM solution provider, OpsCompass has the current tools, robust product roadmap, and professional services to support enterprise customers of all sizes in developing and implementing their secure cloud strategies.
Vendor License Compliance is Critical for Controlling Organizational Risk
Another considerable concern for enterprise applications in the cloud is the risk inherent in vendor licensing.
Karine Semmer, Head of IT Hosting Transformation & Modernization Program at Medtronic made the following statement when asked about large-scale enterprise migrations to the cloud, “The one challenge which I think many of you will recognize if you have done anything contractually around licensing going from on-prem to cloud, that again is our more significant challenge. One that is true for the cloud industry.”
House of Brick is an industry thought leader in educating and defending clients’ use of Oracle and Microsoft licenses in private and public cloud environments. The opportunity to integrate House of Brick’s experience and expertise, along with its license compliance monitoring software into the OpsCompass product suite, was a key driver in bringing the two organizations together. This enhanced monitoring and alerting capability for Oracle and Microsoft workloads, with more vendors planned in the product roadmap, will address the challenge that Karine Semmer identified.
Visibility and Accountability Must be Maintained
Visibility, reporting, and accountability ensure that a cloud security solution brings broad business value. When organizations treat technology as an isolated enabler that someone else worries about, they shortsightedly reduce the value of the investment that they are making.
Kerry Kelley, an OpsCompass board member, and former U.S. Strategic Command CIO and Director of Command Control Communications and Computers, said the following in a personal interview regarding the adoption of cloud at STRATCOM, “One of our primary concerns with moving mission applications into a cloud environment was the lack of visibility and ability to account for necessary compliance and security controls.”
In order to ensure the highest degree of compliance and governance, the solution must be implemented throughout the organization, and not just by an isolated administrator. When we work with clients on vendor license audits, client professionals from many disciplines require access to key compliance information. This includes contributors from legal, procurement, executive management, business management, IT management, and technical administration. OpsCompass supports role-based access to information, and will continue to develop and refine access personas according to the needs of our clients.
Multi & Hybrid is a Current and Future Cloud Reality
Having multi-cloud options, including hybrid cloud with on-premises deployments, is vital. Even now, in the early days of enterprise cloud adoption, organizations are spreading their workloads from virtualized on-premises environments to deployments in AWS, Azure, GCP, Oracle Cloud, and others.
Beth Kindig, an industry leading technology analyst and regular contributor at Marketwatch, said the following regarding the U.S. Department of Defense JEDI contract:
“Hybrid is an essential strategy for the security-conscious Department of Defense, as it can’t put its entire system in the cloud for obvious security reasons. The DoD must retain the most sensitive information with on-premise servers while leveraging the cloud for artificial-intelligence and machine-learning purposes. The cloud is necessary, however, as real-time data helps prepare for combat and inform missions when soldiers are in the field.”
Gartner Analyst Richard Bartley, in his previously cited research, made the recommendation that “as a technical professional responsible for organizational security in the public cloud, you should focus on enabling native cloud security controls first. Select a CASB, CSPM and/or CWPP vendor that covers hybrid cloud deployments or any remaining security gaps that native cloud security tools do not cover.”
While the OpsCompass product suite currently leverages cloud-native security controls in Azure, AWS, and GCP, the new integrated license monitoring capability also extends to on-premises environments. In fact, the innovative core architecture of OpsCompass is one that supports the inclusion of many disparate clouds, including those that may be proprietary to a client’s own business process. Supporting both on-premises and public cloud environments will remain a strategic focus for OpsCompass.
Professional Service is a Key Enabler for Cloud Success
While everyone talks about “cloud computing” the truth is that developing and implementing a robust cloud strategy can be confusing and difficult. With OpsCompass + House of Brick, we want to ensure that all of our clients have an amazing experience implementing their cloud strategy. As we have discussed, the solutions offered in OpsCompass are foundational to establishing necessary compliance and governance frameworks. By integrating the world-class consulting capability of House of Brick into the OpsCompass product suite, we are demonstrating our unwavering commitment to the success of our clients.
The essential professional services that we provide span the scope and timing of client cloud adoption and usage. They include:
- Analyzing vendor license compliance before migrating any problems into the cloud
- Assessing client cloud readiness, including understanding and documenting governance and compliance concerns
- Employing proven best practices to develop a cloud strategy for enterprise applications that ensures performance, responsiveness, and compliance
- Developing a cloud implementation and migration plan
- Reviewing applications to determine modernization needs and opportunities
- Implementing strategies while ensuring key success metrics are achieved
- Proactively managing application and database health
- Defending clients’ use of cloud infrastructures in vendor, regulatory, or internal audits
- Remediating compliance events before they become an unmanageable problem
When asked what the most important thing that AWS partners can do, Andy Jassy said the following:
“There’s a very large number of enterprises and government organizations that want to make a mass migration to the cloud, and they need help. So, building a practice around modernization and mass migration is a giant opportunity. There’s just not enough qualified people to help with the demand that’s there right now.”
OpsCompass + House of Brick is ready to be your partner in the cloud journey.
OpsCompass + House of Brick is Your Cloud Partner
Together, OpsCompass + House of Brick provides the solutions and services that organizations need as they develop their cloud strategy. Our united company dramatically reduces the risk profile of organizations moving their enterprise applications into the cloud, and then monitors those environments to automatically alert on critical conditions.
We give enterprises the visibility, control, remediation, architectural and operational support required for success. I believe that together OpsCompass + House of Brick is the most well-positioned organization in the industry to create this lasting cloud enablement platform. I know of no other organization that can provide the power, trust, innovation, and vision that OpsCompass + House of Brick can.
 Geoffrey Moore, Crossing the Chasm, 3rd Edition: Marketing and Selling Disruptive Products to Mainstream Customers
 Gartner, Solution Path for Security in the Public Cloud, Published: 30 January 2020 ID: G00451314
 Gartner, Innovation Insight for Cloud Security Posture Management, Published: 25 January 2019 ID: G00377795
 Karine Semmer, Head of IT Hosting Transformation & Modernization Program at Medtronic, VMWorld 2017 opening general session